05.05.04
Coping with P2P
I’ve posted about the DMCA before, pointing out that the DMCA is a poorly written law, but it is the law,
and must be adhered to, something RIAA subpoenas rely on. There have recently been a
number of articles referring to the way UCLA, where I am a student, is
dealing with P2P (peer to peer) MP3 file trading, and allegations of a
digital copyright violation from rights holders. Most of the articles seem
to miss the point, even though UCLA has provided a public
statement explaining the process.
UCLA, like most other campuses
and networks with any sizeable user base (or an Online Service Provider in
DCMA terms), is required to have contact information for the DMCA
“designated agent” posted on the university’s web site. When a rights holder contacts
the DMCA designated agent and asserts the presence of a copyright violation
on the network the content in question must be removed, immediately,
before a decision about the validity of the complaint. Keep in mind that
the claim of online copyright infringement is not a standard, easy to
follow memo; it’s a legal document, generated by a culture that gives
points for complexity. Sometimes the notifications are incomplete.
Nonetheless the designated DMCA agent has to respond by removing the
material, within a very short time, in accordance with the law. That’s a
lot of work for a large school, especially a school with 25,328
undergraduates, many of whom live in campus residences connected to the
high speed campus back bone. It’s not uncommon for large schools to receive
hundreds of notifications a month. And of course UCLA, like every other
campus with a network connection, is worried about students potentially
“trading” illegal MP3 or other files covered by copyright for reasons
beyond their concerns about possibly illegal activity on their networks.
The popularity of P2P “file trading” among users between twelve and fifty
can clog networks, creating so much congestion that users simply trying to
send and receive email or browse the web, can’t.
There are a number
of ways a campus can deal with potential problems.
- Some campuses
look specifically for users employing P2P clients on their networks, and
react by shutting off specific ports. Others look for traffic patterns and
other indicators of P2P use, and automatically restrict access based on
locally determined criteria. - This is the approach that the
University of Florida’s ICARUS system uses. ICARUS looks for use patterns associated with
large-scale “sharing,” then displays a pop-up notifying the student that
network access has been restricted locally, and why, and how to obtain full
access again. I don’t think much of this solution; it’s not always that
easy to distinguish between illegal P2P activity and legal P2P activity. It
also seems needlessly invasisive. Remember, it isn’t P2P software that’s
the problem, only the actions of some users. There are also legitimate reasons to use P2P (many of them related to
research and
instruction— think “distributed computing” and “grids”) and some
“file trading” is legitimate, and not in violation of copyright. I can
think of a number of ways to legitimately use P2P to transfer large files for
instruction, for instance, in a music composition class. This approach
makes that kind of use difficult. - Some campuses don’t do
much of anything to educate users or prevent network abuse until the RIAA
comes calling, subpoena in hand, and then they turn over records, in the
worst cases, or stall, in the most common reaction. - I
don’t think much of this solution either. It is illegal to distribute
copyright protected files without permission from the rights holder.
Moreover, it is part of the responsibility of a university to educate
students about ethics as well as the standard academic subjects. Students,
and all the other users of a network, need to be educated about the
illegality of distributing material without permission from the rights
holders. Finally, students do have certain privacy rights, rights that are
explicitly protected via FERPA regulations; this “solution” tends to impinge
students’ rights, potentially resulting in violations of FERPA and other
privacy statutes. - Some universities use another form of
technological prevention; they employ various filtering and packet sniffing
technologies (both hardware and software) to inspect network data,
comparing the data to a database of materials, or looking for specific
protocols associated with P2P traffic, and then stopping the transfer in
one of several ways. - Filtering, unless it is used in
tandem with other measures, isn’t a solution; it may well in fact create
additional problems. First, it tends to work by paying attention to
specific kinds of traffic, like P2P, rather than other kinds (UseNet, for
instance). Again, any technology can eventually be subverted, (encryption
doesn’t have to be difficult, and soon won’t be) and since these methods
rely on letting a download start, so that it can be checked, this approach
strikes me as a waste of bandwidth. The likelihood of false positives seems
fairly high to me. Generally, with this kind of technology, there are
tracking identification methods that are a bit of a problem on a campus,
given privacy issues. This solution tends to be expensive, since it relies
on proprietary code and hardware. Close monitoring, at the level of
individual use patterns, can have a chilling effect on research and the academic community,
often because to the average user it may appear like “spying,” whatever the
intention is. Finally, this kind of solution doesn’t do anything to change
the behavior of users for the long term, and therefore isn’t a real
solution. - Some universities engage in bandwidth
throttling, monitoring the network for excess throughput and shutting it
off, or shutting off specific users, or in some cases, prohibiting the
ability to upload files; this was pretty common for reasons of cost and
network management long before P2P was an issue, and it’s fairly standard
practice for a variety of reasons having to do with network and cost
management. UCLA does this in part now, by making web and email traffic on
the network a higher priority than, say, P2P traffic. - This
solution doesn’t change user behavior for the long term; it simply masks
the symptoms of the problem, and it affects the innocent as well as the
possibly guilty. There are legitimate reasons for academic users to use
lots of bandwidth, and uploading is necessary for a variety of research and
educational purposes. However, bandwidth control in combination with other
methods can be effective as a protective measure.
In
general, I’m not impressed with any overly sophisticated or elaborate
technological solutions. For one thing, digital technology changes rapidly,
in a matter of hours, sometimes, and a really clever method of preventing
“file trading” is likely to attract the attention of really clever people
who will subvert it as an interesting puzzle. Moreover, these solutions
tend to be expensive, and I think there are far better ways to spend an IT
budget. The real solution is to change behaviors, not
technologies.
I rather like what UCLA has done.
- First,
though the awkwardly written and scantily researched
Chronicle of Higher Education article doesn’t refer to it,
UCLA spends a fair amount of effort on educating students regarding appropriate use of the campus academic and residential networks. That includes orientation
sessions for incoming students. For obvious reasons, right now the central
issue is the use of the residential network (ResNet) associated with
campus housing
(about 7,500 students and some faculty and staff living in the residence
halls), but the entire UCLA community is involved in appropriate use
education. - Secondly, UCLA doesn’t make assumptions about the
guilt or innocence of the students. If UCLA is contacted regarding a
violation, the student is notified by email, and the students computer is
“quarantined” with respect to the campus network, allowing the student to
access on campus resources vital for instruction and interaction with
administration and faculty, but not access other ResNet points or external
networks. - The resident is told to remove the files in
question, and to sign a statement which indicates that the files have been
removed but which neither asserts nor requires an admission of
guilt. The file removal and quarantine are in response to the
requirements of the DMCA; they are not punitive. - If these
steps are followed, complete network access is restored, generally within
in one business day. - If there is a subsequent incident
involving the same student, the student’s computer is again placed in
quarantine (that is, it’s access to the network is restricted) and the
student must go through the standard campus disciplinary process, which
generally involves the Dean of Students office. During the time the inquiry
is in process, the computer remains in quarantine, with restricted network
access, but the student can still use the campus network resources
necessary to complete course work.
I like UCLA’s
approach since it doesn’t engage in invasive actions, packet sniffing, or
assumptions of guilt. UCLA responds with alacrity to allegations of
copyright violation, in accord with the DMCA, by placing a computer in
quarantine. This method provides an opportunity to educate the user. Even
though copyright issues are discussed at orientation, many students don’t
really seem to understand that not only are they inadvertently sharing
files they may have obtained legally, (naive P2P users don’t realize that
their own files are “shared” when they are downloading) or that even
downloading files “ripped” by others is illegal. By applying a quarantine,
UCLA prevents possible inappropriate use of the network, without
obstructing the student’s education, protects rights of the rights holder,
meets the requirements of the DMCA, and there’s an opportunity to educate
the user. UCLA’s approach also allows for due process in the event of a
second offense (and second offenses aren’t as common as you might think).
I particularly like the fact that this is a local UCLA solution,
created by the UCLA community. Despite what various sites have reported,
UCLA’s process does not rely on Universal’s ACNS software nor does UCLA use the University of
Florida’s ICARUS system, though UCLA does take advantage of the XML schema
for the allegation of a rights violation created by Universal, working with
the Joint
Committee of the Higher Education and Entertainment Communities Technology
Task Force and other concerned parties. The XML schema for the initial
notification from a rights holder to an OSP standardizes the format, making
a timely response much easier. UCLA’s response is also standardized, so
that all students are treated the same way. I also like the fact that this
approach is not too technologically clever; UCLA uses the network equivalent
of shutting off a valve by removing access to parts of the network, to quarantine
the computer in question, and it can be combined with other preventive
measures, including user education. Best of all, UCLA’s process was
developed as a cooperative effort by a variety of people from the Dean of
Students office, campus Counsel, Residential Life, Housing and Hospitality
Services, many of them acting as members of committees, including student
representatives (like me). UCLA’s approach serves to protect the rights of
copyright holders, it educates students, and it protects students’ (and
users’) privacy rights.
Permalink Comments off
